EUVD-2025-27135

ID: EUVD-2025-27135

Severity: critical

CVSS v4: 9.2 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process.

Timestamps

Normalized: 2025-12-31T11:32:20Z UTC
Last updated: 2025-12-31T11:30:10Z UTC

References

No references provided.

VulnAI

EUVD-2025-27135

Description

Timestamps

References